Coca-Cola (NYSE:KO) is the current leader of the soda world, but now it is navigating a personal data breach that has left many of its employees disgruntled, and one of its executives in a different job. According to the Wall Street Journal, Coke has always been fervent about keeping its business and employees safe from information theft, but the Atlanta, Georgia-based company was still forced to admit last week that personal information of roughly 70,000 current and former North American employees was compromised in December after a former employee stole company laptops and accessed the information that hadn’t been encrypted.
Unlike the security breach suffered by Target (NYSE:TGT) during the holiday season, the company’s perpetrator came from the inside, rather from the outside in, but employees were still shocked by Coke’s recent disclosure, especially since executives waited so long to alert its employees. A longtime Coke driver in New Jersey told the Journal, “I just find this very careless, and I think that too much time” passed before employees were informed.
Coke first disclosed Friday that customer information had been compromised, but then reiterated Sunday that it was not aware of the misuse of any personal data. According to the Journal, the company recovered 55 company laptops in November and December that had been stolen over a period of six years, and those affected by the breach included current employees, past employees, as well as Coke contractors and vendors. The former employee responsible for the compromise of 74,000 people’s information previously held a role that required him to maintain or dispose of company equipment. Coke first discovered the theft of sensitive information on the recovered computers on December 10.
The Journal reports that in-house security breaches aren’t uncommon and often go unpublicized. However, it was hard for Coke to push its case under the rug because the whole ordeal raises eyebrows as to how Coke effectively integrated the North American business of Coca-Cola Enterprises, its former largest U.S. bottler, after acquiring the business in 2010. Coke admitted last week that some of the stolen laptops belonged to the bottler, and interestingly enough, Steve Cahillane, a former executive at the bottler, left Coke two days after the company discovered the personal information on the recovered laptops. Coke has stood by its assertion that Cahillane’s departure was coincidental timing, saying Sunday “there is no absolutely no connection” between the stolen laptops and the executive’s exit, but some critics still aren’t so sure.
Now, it is up to Coke to face its angry employees who were just alerted of the breach more than a month after the breach’s initial discovery. Employees were emailed Friday and were warned that Social Security and driver’s license data could be used by criminals to access credit records and apply for new credit under employees’ names.
According to the Journal, Coke has maintained that it has abided by all U.S. laws, notifying affected individuals within 45 days of a discovery, but that doesn’t mean some employees aren’t still disgruntled. Whatever the case, if Coke’s security breach has taught onlookers anything — it’s that thefts can happen to any company, as Coke is known for having one of the tightest security controls in the business. Coke already has extensive safeguards on its computer network, and has kept the recipe for its iconic cola in a vault in an Atlantic museum, but even that security couldn’t save it from a breach in December.